ITS833 UOC Information Risk Planning and Management Paper


WbrlGevoo

Computer Science

ITS833

University of the Cumberlands

Description

The text names three common risk profile methodologies. Compare and contrast the three, using one scholarly resource to support each.

300 words, with APA-format citations.


Textbook(s) Required:

  • Information Governance: Concepts, Strategies and Best Practices; 1st Edition; Robert F. Smallwood; Copyright © 2014 by John Wiley & Sons, Inc., Hoboken, New Jersey (ISBN 978-1-118-21830-3)


ITS 833 – INFORMATION GOVERNANCE
CHAPTER 4: INFORMATION RISK PLANNING AND MANAGEMENT
Dr. Sandra J. Reeves

CHAPTER GOALS AND OBJECTIVES
  • Be able to outline the progressive steps involved in developing an information risk management plan
  • Know what is meant by "risk" and a "risk profile"
  • Know the different ways one would go about creating a risk profile
  • Know how one would go about conducting a risk assessment
  • Know what an information risk mitigation plan is

What is the purpose of Information Risk Planning?
  • Identify potential risks to information
  • Weigh risks against each other
  • Create strategic plans for risk mitigation
  • Create policies
  • Develop metrics
  • Apply metrics to measure progress
  • Audit and feedback

STEPS IN INFORMATION RISK PLANNING AND MANAGEMENT
  Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements
  Step 2: Specify IG Requirements to Achieve Compliance
  Step 3: Create a Risk Profile
  Step 4: Perform Risk Analysis and Assessment
  Step 5: Develop an Information Risk Mitigation Plan
  Step 6: Develop Metrics and Measure Results
  Step 7: Execute the Risk Mitigation Plan
  Step 8: Audit the Information Risk Mitigation Program

Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements
  • Conduct legislative research: legal requirements trump all other requirements
  • Identify the jurisdiction(s) where the company operates: Federal, Provincial, State, Municipal, (International)
  • Approaches to legal research for retention, privacy and security laws:
      • Records retention citation service (Example: FILELAW®)
      • Use online and print resources (Example: Code of Federal Regulations, "CFR")

Step 2: Specify IG Requirements to Achieve Compliance
  • Compile a list of external compliance requirements
  • Map data, documents, and records to external compliance requirements
  • Devise a method of keeping legal and records management staff apprised of changes in regulations
  • Reconcile internal IG retention requirements with external compliance requirements

Step 3: Create a Risk Profile
  • "RISK" – effect of uncertainty on objectives (1)
  • "RISK PROFILE" – description of a set of risks (2)
  • A part of Enterprise Risk Management
  • Considerations for creating a Risk Profile: frequency, external resources, stakeholders
  • Included in a Risk Profile: identification, documentation, assessment and prioritizing of the risks that an organization may face in pursuing a business objective
  • Timeline: projections 3 to 5 years into the future; created annually; updated or reviewed semiannually
  (1), (2): ISO 31000 2009 Plain English Risk Management Dictionary, www.praxiom.com/iso-31000-terms.htm

Step 3 continued: Types of Risk Profile Methodology
  • Top-10 list: simple listing and ranking of the top 10 risks in relation to the objective
  • Risk Map: visual tool, easy to grasp; a grid depiction of a likelihood axis and an impact axis, generally rated on a 1 to 5 scale
  • Heat Map: color-coded matrix generated by stakeholders voting on each risk by color (red is the highest risk)

Step 3 continued: Information Gathering for the Risk Profile
  • Surveys
  • Person-to-person interviews:
      • Give interviewees questions in advance
      • Schedule interviews at convenient times and places
      • Keep interviews as short as possible
  • Include questions about: access and security policies; policy development; policy adherence; retention of email; legal hold policies; record retention; record destruction; training and communications
  • Consider key events and changes that will impact risk
  • Generate a list of risks and categorize them (Example: natural disasters, regulatory, safety, competitive, etc.)

Step 4: Perform Risk Analysis and Assessment
  Five steps for risk assessment:
  • Identify the risks – the output of the Risk Profile
  • Determine potential impact – include calculations for the range of economic impact in dollars where available; be as specific as possible
  • Evaluate risk levels and probabilities and recommend action – recommendations for new procedures, new processes, new investments in IT, and other risk mitigation methods
  • Create a report with recommendations and implement – include a risk assessment table where available and written recommendations, then implement
  • Review periodically – at least annually, but as appropriate for your organization

Step 5: Develop an Information Risk Mitigation Plan
  What is a Risk Mitigation Plan? A plan which includes:
  • Options to reduce specific risks and increase the likelihood of achieving objectives
  • Tasks to reduce specific risks and increase the likelihood of achieving objectives
  • Timetable for implementation of risk mitigation measures
  • Milestones for implementing risk mitigation measures
  • Timetable/milestones for IT acquisitions
  • Timetable/milestones for assigning roles and responsibilities

Step 6: Develop Metrics and Measure Results
  • Assign quantitative measures that are meaningful and that measure progress
  • What are relevant metrics? They must be relevant to your organization. Examples are:
      • Reduce the data lost on stolen or misplaced laptops and mobile devices by ___% over the prior year
      • Reduce the number of hacker intrusion events by ___ over the prior year
      • Reduce e-discovery costs by ___% over the prior year
      • Reduce the number of adverse findings in the risk and compliance audit by ___% over last year
      • Provide information risk training to ___% of knowledge-level workers this year
      • Provide confidential messaging services for the organization's top ___ executives this year

Step 7: Execute Your Risk Mitigation Plan
  • Set up regular project/program team meetings
  • Develop key reports on key risk mitigation metrics
  • Manage the process
  • Use project management tools and techniques
  • Clear and concise communication with the IG team on progress and status

Step 8: Audit the Information Risk Mitigation Program
  • Key tools in the audit process: the metrics used to measure risk mitigation effectiveness
  • Use audit results for further redevelopment and fine tuning of the risk mitigation program
  • Don't misuse the audit results: don't use them to beat up on people; use them for feedback and improvement

The End
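The three risk profile methodologies listed under Step 3, worked through in code as an added example (this is not code from the ITS 833 slides or from the Smallwood textbook). The risk register, the ratings and the stakeholder votes are constructed sample data; the 1 to 5 likelihood/impact scale and the "red is highest risk" convention follow the slide.

```python
"""Added example, not from the ITS 833 slides or the Smallwood textbook: the three
risk-profile methodologies listed under Step 3 (top-10 list, risk map, heat map)
applied to a constructed register of information risks."""
from collections import Counter, defaultdict
from dataclasses import dataclass

SCALE = range(1, 6)  # the slides rate likelihood and impact on a 1 to 5 scale


@dataclass(frozen=True)
class Risk:
    name: str
    category: str      # e.g. natural disaster, regulatory, safety, competitive
    likelihood: int    # 1 = rare .. 5 = almost certain
    impact: int        # 1 = negligible .. 5 = severe

    def __post_init__(self):
        # Reject ratings off the scale so a typo cannot silently skew the ranking.
        if self.likelihood not in SCALE or self.impact not in SCALE:
            raise ValueError(f"{self.name}: ratings must be on the 1-5 scale")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


# Constructed sample register; the ratings are illustrative, not from the page.
RISKS = [
    Risk("Lost or stolen laptop with unencrypted data", "security", 4, 4),
    Risk("Email retained past the retention schedule", "regulatory", 5, 3),
    Risk("Legal hold not applied before deletion", "regulatory", 2, 5),
    Risk("Flood at the primary data centre", "natural disaster", 1, 5),
    Risk("Phishing leads to credential theft", "security", 4, 3),
    Risk("Records destroyed without documentation", "regulatory", 3, 3),
    Risk("Staff untrained on the access policy", "safety", 3, 2),
    Risk("Competitor obtains a leaked roadmap", "competitive", 2, 4),
]


def top_n_list(risks, n=10):
    """Methodology 1: a plain ranked list of the top-n risks by likelihood x impact.
    Ties on score are broken toward the higher impact."""
    ranked = sorted(risks, key=lambda r: (r.score, r.impact), reverse=True)
    return [(r.name, r.score) for r in ranked[:n]]


def risk_map(risks):
    """Methodology 2: the likelihood x impact grid, as {(likelihood, impact): [names]}."""
    grid = defaultdict(list)
    for r in risks:
        grid[(r.likelihood, r.impact)].append(r.name)
    return dict(grid)


def render_risk_map(risks):
    """Text rendering of the grid: rows are likelihood (5 at the top), columns are
    impact, and each cell holds the number of risks placed there."""
    grid = risk_map(risks)
    lines = ["L\\I  " + "  ".join(str(im) for im in SCALE)]
    for lk in reversed(SCALE):
        row = "  ".join(str(len(grid.get((lk, im), []))) for im in SCALE)
        lines.append(f"  {lk}  {row}")
    return "\n".join(lines)


# Methodology 3: stakeholders vote a colour per risk; red is the highest risk.
COLOUR_RANK = {"green": 0, "amber": 1, "red": 2}


def heat_map_by_vote(votes):
    """votes maps risk name -> one colour per stakeholder. Each risk takes the colour
    with the most votes; a tie is resolved toward the higher-risk colour so that a
    split vote never quietly downgrades a risk."""
    result = {}
    for name, cast in votes.items():
        unknown = set(cast) - set(COLOUR_RANK)
        if unknown:
            raise ValueError(f"{name}: unknown colour(s) {sorted(unknown)}")
        tally = Counter(cast)
        colour, _ = max(tally.items(), key=lambda kv: (kv[1], COLOUR_RANK[kv[0]]))
        result[name] = colour
    return result


# Constructed votes from stakeholders for three of the risks above.
VOTES = {
    "Lost or stolen laptop with unencrypted data": ["red", "red", "amber"],
    "Flood at the primary data centre": ["amber", "green", "amber"],
    "Staff untrained on the access policy": ["green", "amber"],  # 1-1 tie -> amber
}


if __name__ == "__main__":
    for name, score in top_n_list(RISKS):
        print(f"{score:2d}  {name}")
    print(render_risk_map(RISKS))
    for name, colour in heat_map_by_vote(VOTES).items():
        print(f"{colour:5s}  {name}")
```

The top-10 list and the risk map are computed from the same likelihood and impact ratings, so they always agree with each other; the heat map is deliberately independent of those ratings because, as the slide puts it, it is produced by stakeholder votes, which is why it can flag a risk (here the untrained-staff item) higher than its numeric score would suggest.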

Explanation & Answer

Find the attached completed work. If you have another one, please invite me to bid. Kindly give me a 5-star review to build my profile.

Running Head: DIFFERENCES BETWEEN RISK PROFILE METHODOLOGIES

Differences between Risk Profile Methodologies
Name:
Institution:
Date:


Introduction
Ideally, the success of any organization is determined by how aggressive it is in
taking risks on investments. There are various methods that are used by organizations
and companie...

